I’m building an invite-only application and I want my users to authenticate using social providers.
The current implementation is based on the guide from https://auth0.com/docs/design/creating-invite-only-applications. The detailed algorithm is:
1. Admin invites a user to the application using an email address
2. User gets an email with an activation link and opens it
3. Application marks the user as ‘invited’ and creates the user in the Auth0 database
4. Application requests a password change
5. User gets a ‘verify your email’ message and clicks ‘verify your account’
6. User logs in using Google
The questions are:
- On step (5) the user gets a ‘verify’ request, not ‘change password’, which is kinda misleading. The user still does not have any password for database login. What should I change for the user to get a ‘change password’ email? Maybe there’s some way to send a ‘set a password’ email?
- After step (6) Auth0 has 2 users with the same email, one for the database connection and one for the Google connection. Should I use the “Link a user account” Management API call to bind the social provider user to the primary database-provided user?